Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Not Solved [Security] Avatar got hacked?
#1
Not Solved Question 
Today my forum got hacked. The hacker replaced all avatars with his own image. But not all the avatars changed, some still remain as usual... Huh

How could this happen? I only use two plugins, ezIRC and Sidebox with the most recent version. And I use MyBB version 1.6.3. And strong password, change admin directory, etc...

Note: I am using a VPS. Not shared host.

Thanks.
#2
Not Solved
Sleepy
[Image: 4f23f9e28cbc.png]
#3
Not Solved
(2011-06-18, 03:54 PM)mobesta Wrote: whay mybb hack & hack & ...??? where is security in mybb 1.6.3 ????
Angry

Please dont flame, i need help...
#4
Not Solved
(2011-06-18, 03:54 PM)mobesta Wrote: whay mybb hack & hack & ...??? where is security in mybb 1.6.3 ????
Angry

You know it's definitely an issue with MyBB do you??

Rolleyes

The best way of finding out what happened would just be to review your server logs.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#5
Not Solved
(2011-06-18, 03:56 PM)MattRogowski Wrote:
(2011-06-18, 03:54 PM)mobesta Wrote: whay mybb hack & hack & ...??? where is security in mybb 1.6.3 ????
Angry

You know it's definitely an issue with MyBB do you??

Rolleyes

The best way of finding out what happened would just be to review your server logs.

Another way please?
#6
Not Solved
I'm not really sure what other way you're expecting there to be. Someone did something on your server, logs are taken for a reason, you'll need to look at the logs and see what this person did. There isn't a big flashing message that will tell you what happened, it doesn't quite work like that.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#7
Not Solved
Sleepy
[Image: 4f23f9e28cbc.png]
#8
Not Solved
(2011-06-18, 04:03 PM)MattRogowski Wrote: I'm not really sure what other way you're expecting there to be. Someone did something on your server, logs are taken for a reason, you'll need to look at the logs and see what this person did. There isn't a big flashing message that will tell you what happened, it doesn't quite work like that.

I mean, how this happen... Where is the hole... Sad
log files are deleted.
#9
Not Solved
(2011-06-18, 04:10 PM)alzea Wrote:
(2011-06-18, 04:03 PM)MattRogowski Wrote: I'm not really sure what other way you're expecting there to be. Someone did something on your server, logs are taken for a reason, you'll need to look at the logs and see what this person did. There isn't a big flashing message that will tell you what happened, it doesn't quite work like that.

I mean, how this happen... Where is the hole... Sad

Again, you would need to look at your logs. I don't know how you expect us to be able to tell you what happened without looking at any information. Bit like trying to get a mechanic to fix your car without him looking at it, he's not a magician.

(2011-06-18, 04:10 PM)alzea Wrote: log files are deleted.

What, all your server logs?? Apache access logs, all gone??
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
#10
Not Solved
Entry could have been at many levels. From the server, to the services, to the site. It takes a seasoned system admin to figure it out.

Simply buying VPS with a control panel and installing a script doesn't give you any protection or insight on how security works.

I wish you luck.


Forum Jump:


Users browsing this thread: 1 Guest(s)